[jira] Resolved: (JS2-526) JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat

[David Sean Taylor (JIRA)]

     [ http://issues.apache.org/jira/browse/JS2-526?page=all ]

David Sean Taylor resolved JS2-526.
-----------------------------------

    Fix Version/s: 2.1-dev
       Resolution: Fixed

patch applied.

> JBoss web.xml entry for security-constraint login/redirector wont work under 
> Tomcat
> -----------------------------------------------------------------------------------
>
>                 Key: JS2-526
>                 URL: http://issues.apache.org/jira/browse/JS2-526
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1-dev
>         Environment: Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, 
> Jetspeed-2.1-dev (sources)
>            Reporter: Bruno Marti
>         Assigned To: David Sean Taylor
>            Priority: Minor
>             Fix For: 2.1-dev
>
>         Attachments: security.patch.txt
>
>
> I've built my own portal from the 2.1-dev sources.
> The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
> Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
> (seems like the same problem in Issue JS2-496: 
> http://issues.apache.org/jira/browse/JS2-496)
> If I'm manually adding the following role-name in portal's web.xml, it works 
> fine, on both tomcat and jboss servers:
>   <role-name>*</role-name>
> here the new full constraint entry:
> ...
>       <!-- Protect LogInRedirectory.jsp.  This will require a login when 
> called -->
>       <security-constraint>
>               <web-resource-collection>
>                       <web-resource-name>Login</web-resource-name>
>                       <url-pattern>/login/redirector</url-pattern>
>               </web-resource-collection>
>               <auth-constraint>
>                       <!-- the required portal user role name defined in: -->
>                       <!-- /WEB-INF/assembly/security-atn.xml             -->
>                       <role-name>portal-user</role-name>
>                       <role-name>*</role-name>
>               </auth-constraint>
>       </security-constraint>
> ...
> Is this quite correct or do I have a security problem now?
> Or is there a bug in JBoss?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]